Hilton denies hack after data from 3.7 million Honors customers offered for sale
UPDATE: After examining the hacker forum post, a Hilton spokesperson claimed the data being offered for sale does not include guest passwords, contacts or financial information.
"The unsecured 3.7 million pieces of data are individual reservation records that when de-duplicated, impact approximately 500,000 Hilton Honors accounts," the spokesperson said.
PREVIOUSLY: Hotel giant Hilton denied that it has been hacked after cybercriminals claimed to have breached the company’s systems and stolen data related to 3.7 million customers.
On Monday, hackers said they stole a database from 2017 consisting of information from customers enrolled in the Hilton Hotel Honors program. The information in the database includes names, Honors ID and Honors Tier as well as more specific data on reservations like check-in dates and more.
A Hilton spokesperson told The Record that while they do not believe they have been hacked, they are investigating the claims.
"Hilton is strongly committed to protecting guest information and maintaining the integrity of its systems. There is no evidence to suggest Hilton systems have been compromised, and we can confirm that no guest passwords, contacts or financial information have been disclosed,” the spokesperson said.
“We are investigating this report closely and taking all appropriate measures to ensure the continued security of our Hilton Honors members’ and guests’ information.”
According to IntelBroker, a hacker forum user, a database of 3.7 million users belonging to the Hilton Hotels Honors has been leaked. According to them, the data contains information such as honors id, address, name, and so on. #UnitedStates #darkweb #databreach #cyberrisk pic.twitter.com/Km6iZbI0tI— FalconFeedsio (@FalconFeedsio) January 24, 2023
Hotels are a ripe target for hackers considering the amount of information they have to collect on customers. There are even state-sponsored cyber-espionage groups like DarkHotel, APT28, and the Rana Group that specialize in cyberattacks targeting hotels and across the world.
One group, nicknamed “FamousSparrow,” was implicated in attacks on hotels in France, Lithuania, the U.K. Israel, Saudi Arabia, Brazil, Canada, Guatemala, Taiwan and Burkina Faso.
Marriott said last year that hackers tried to extort the company after 20 GB of employee and customer data was stolen from BWI Airport Marriott in Baltimore. Marriott has faced multiple breaches over the last ten years.
The most notable was a 2014 breach involving the personal information of 500 million hotel guests. The company is in the midst of one of the largest-ever class-action lawsuits ever related to the breach.
Meliá Hotels International, one of the largest hotel chains in the world, was crippled by a cyberattack in 2021.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.